├── img
    ├── inbug
    ├── inbug01.png
    ├── inbug02.png
    ├── inbug03.png
    ├── inbug04.png
    └── inbug05.png
├── yun.png
├── InBug.png
├── .gitattributes
├── .github
    └── workflows
        └── incloud.yaml
└── README.md

/img/inbug:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/yun.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/safe6Sec/InCloud/main/yun.png
--------------------------------------------------------------------------------
/InBug.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/safe6Sec/InCloud/main/InBug.png
--------------------------------------------------------------------------------
/img/inbug01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/safe6Sec/InCloud/main/img/inbug01.png
--------------------------------------------------------------------------------
/img/inbug02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/safe6Sec/InCloud/main/img/inbug02.png
--------------------------------------------------------------------------------
/img/inbug03.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/safe6Sec/InCloud/main/img/inbug03.png
--------------------------------------------------------------------------------
/img/inbug04.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/safe6Sec/InCloud/main/img/inbug04.png
--------------------------------------------------------------------------------
/img/inbug05.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/safe6Sec/InCloud/main/img/inbug05.png
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
# Auto detect text files and perform LF normalization
* text=auto

--------------------------------------------------------------------------------
/.github/workflows/incloud.yaml:
--------------------------------------------------------------------------------
name: incloud

# Manual trigger only: the job starts when it is run from the Actions tab.
on:
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@master

      - name: Setup golang
        uses: actions/setup-go@v2
        with:
          go-version: 1.14

      # naabu needs the libpcap development headers to build.
      - name: Setup Dependencies
        run: sudo apt-get install libpcap-dev

      - name: Cache Go
        id: cache-go
        uses: actions/cache@v2
        with:
          path: /home/runner/go
          key: ${{ runner.os }}-go

      # Installed only when the Go cache was not restored.
      - name: Setting up ProjectDiscovery tools
        if: steps.cache-go.outputs.cache-hit != 'true'
        env:
          GO111MODULE: on
        run: |
          go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder
          go get -v github.com/projectdiscovery/dnsx/cmd/dnsx
          go get -v github.com/projectdiscovery/naabu/v2/cmd/naabu
          go get -v github.com/projectdiscovery/httpx/cmd/httpx
          go get -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei
        shell: bash

      # "-p -" scans every port of each target listed in input/target.txt.
      - name: Running naabu to check top all ports
        run: |
          naabu -iL input/target.txt -rate 10000 -p - | tee output/active_ports.txt
        shell: bash

      # First pass prints page titles to the job log; second pass saves the URL list.
      - name: Running httpx for HTTP webservers probbing
        run: |
          httpx -l output/active_ports.txt -title
          httpx -l output/active_ports.txt | tee output/active_urls.txt
        shell: bash

      - name: Sorting the output results
        run: |
          find output -type f -exec sort {} -o {} \;
        shell: bash

      - name: Create local changes
        run: |
          git add output/active_ports.txt
          git add output/active_urls.txt
      - name: Commit results to Github
        run: |
          git config --local user.email "1850597152@qq.com"
          git config --global user.name "safe6sec"
          git commit -m "InCloud Report" -a --allow-empty
      # Pushes the committed report back to the branch the workflow ran on.
      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# InCloud GitHub Cloud Scanner
![-w784](yun.png)
## Introduction
This tool may only be used for security testing; do not use it for illegal purposes!
### Purpose
InCloud runs on GitHub Actions, which automates, customizes, and executes software development workflows inside a repository, so you can tailor its functionality to your own preferences. InCloud ships with ten ready-made information-gathering and vulnerability-scanning workflows covering different scenarios for network ranges and domain names.
* [PortScan-AllPort](https://github.com/inbug-team/InCloud/tree/PortScan-AllPort) Runs a full-port scan against a list file of individual IPs and outputs the titles of the available web services.
* [PortScan-AllPort-Xray-Dirscan](https://github.com/inbug-team/InCloud/tree/PortScan-AllPort-Xray-dirscan) Runs a full-port scan against a list file of individual IPs, outputs the titles of the available web services, crawls and vulnerability-scans the web services with Xray, and runs a recursive Ffuf directory scan against the web services.
* [PortScan-Top1000](https://github.com/inbug-team/InCloud/tree/PortScan-Top1000) Runs a Top 1000 port scan against a list of individual Class C IP ranges and outputs the titles of the available web services.
* [PortScan-Top1000-Xray](https://github.com/inbug-team/InCloud/tree/PortScan-Top1000-Xray) Runs a Top 1000 port scan against a list of individual Class C IP ranges, outputs the titles of the available web services, and crawls and vulnerability-scans the web services with Xray.
* [PortScan-Top1000-Dirscan](https://github.com/inbug-team/InCloud/tree/PortScan-Top1000-Dirscan) Runs a Top 1000 port scan against a list of individual Class C IP ranges, outputs the titles of the available web services, and runs a recursive Ffuf directory scan against the web services.
* [PortScan-Top1000-Dirscan-Webcrack](https://github.com/inbug-team/InCloud/tree/PortScan-Top1000-Dirscan-Webcrack) Runs a Top 1000 port scan against a list of individual Class C IP ranges, outputs the titles of the available web services, runs a recursive Ffuf directory scan against the web services, and uses Webcrack on the ffuf results to brute-force weak passwords on admin back ends.
* [SubDomain-Portscan-Vulnscan](https://github.com/inbug-team/InCloud/tree/SubDomain-Portscan-Vulnscan) Performs subdomain enumeration and API lookups for a domain, runs a Top 1000 port scan against the subdomains found, outputs the titles of the available web services, and scans the web services for vulnerabilities with Nuclei.
* [SubDomain-Portscan-Xray](https://github.com/inbug-team/InCloud/tree/SubDomain-Portscan-Xray) Performs subdomain enumeration and API lookups for a domain, runs a Top 1000 port scan against the subdomains found, outputs the titles of the available web services, and crawls and vulnerability-scans the web services with Xray.
* [SubDomain-Portscan-Dirscan](https://github.com/inbug-team/InCloud/tree/SubDomain-Portscan-Dirscan) Performs subdomain enumeration and API lookups for a domain, runs a Top 1000 port scan against the subdomains found, outputs the titles of the available web services, and runs a recursive Ffuf directory scan against the web services.
* [SubDomain-Portscan-Dirscan-Webcrack](https://github.com/inbug-team/InCloud/tree/SubDomain-Portscan-Dirscan-Webcrack) Performs subdomain enumeration and API lookups for a domain, runs a Top 1000 port scan against the subdomains found, outputs the titles of the available web services, runs a recursive ffuf directory scan against the web services, and uses Webcrack on the ffuf results to brute-force weak passwords on admin back ends.

## Usage
[Usage video](https://mp.weixin.qq.com/s/IntTPw4VpgaVzbZd1BZ8IQ)
* 1. Fork the project to your own GitHub account.
* 2. In the workflow file (`.github/workflows/incloud.yaml`), change `git config --local user.email` and `git config --global user.name` to your own email address and your own ID (used for the report output).
* 3. Edit the scan targets in the `input` directory, then use the Actions tab to build online.
* 4. GitHub provides six hours of container runtime. When the scan finishes, the results are uploaded automatically to the `output` folder of your fork.
* 5. To update to the latest version, delete your fork and fork this project again.
* ![-w784](img/inbug01.png)
* ![-w784](img/inbug03.png)
* ![-w784](img/inbug04.png)
* ![-w784](img/inbug05.png)
## References
* https://github.com/chaitin/xray
* https://github.com/ffuf/ffuf
* https://github.com/projectdiscovery/nuclei
* https://github.com/projectdiscovery/naabu
* https://github.com/projectdiscovery/subfinder
* https://github.com/yzddmr6/WebCrack

## Recent updates
* [+] 2021/7/20 Added input notes for each branch and fixed minor bugs.
* [+] 2021/7/22 Added the SubDomain-Portscan-Dirscan-Webcrack and PortScan-Top1000-Dirscan-Webcrack branches, which brute-force weak back-end passwords.



**Official website:**
https://www.inbug.org

You can also contact us through the WeChat official account:
![-w784](InBug.png)
--------------------------------------------------------------------------------
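
The workflow in `incloud.yaml` commits `output/active_ports.txt` and `output/active_urls.txt`; the script below is an added example, not part of the InCloud repository, for reviewing those two files when auditing the exposure of your own hosts. It assumes naabu wrote `host:port` lines and httpx wrote one URL per line (with default ports possibly omitted); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the InCloud repository.
# Assumes naabu wrote host:port lines and httpx wrote one URL per line.

# Print "host<TAB>port,port,..." with ports in ascending order.
ports_by_host() {
  LC_ALL=C sort -t: -k1,1 -k2,2n -u "$1" | awk -F: '
    NF != 2 || $1 == "" || $2 !~ /^[0-9]+$/ { next }   # skip malformed lines
    $1 != host { if (host != "") print host "\t" list
                 host = $1; list = $2; next }
    { list = list "," $2 }
    END { if (host != "") print host "\t" list }'
}

# Print open host:port entries for which httpx reported no web server.
non_web_ports() {   # $1 = active_ports.txt, $2 = active_urls.txt
  awk '
    FILENAME == ARGV[1] {                     # first input: httpx URLs
      if (!match($1, /^https?:\/\//)) next
      scheme = substr($1, 1, RLENGTH); rest = substr($1, RLENGTH + 1)
      sub(/[\/?#].*$/, "", rest)              # keep only host[:port]
      if (rest !~ /:[0-9]+$/)                 # default port left implicit
        rest = rest (scheme == "https://" ? ":443" : ":80")
      web[rest] = 1; next
    }
    $1 ~ /^[^:]+:[0-9]+$/ && !($1 in web) { print $1 }
  ' "$2" "$1" | LC_ALL=C sort -t: -k1,1 -k2,2n -u
}

# Constructed sample data (documentation addresses), not real scan output.
write_sample() {
  printf '%s\n' 192.0.2.10:443 192.0.2.10:22 192.0.2.10:8080 \
    192.0.2.7:80 192.0.2.7:3306 > "$1/active_ports.txt"
  printf '%s\n' https://192.0.2.10 http://192.0.2.10:8080 \
    http://192.0.2.7:80 > "$1/active_urls.txt"
}

if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d); write_sample "$d"
  ports_by_host "$d/active_ports.txt"
  non_web_ports "$d/active_ports.txt" "$d/active_urls.txt"
  rm -rf "$d"
fi
```

Entries printed by `non_web_ports` are the open ports that need a separate look, since the httpx step never touched them.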